ErsatzPasswords - Ending Password Cracking

Christopher N. Gutierrez - Purdue University

Apr 27, 2016

Abstract

In this work we present a simple, yet effective and practical, scheme to improve the security of stored password hashes, rendering their cracking detectable and insuperable at the same time. We utilize a machine-dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM) at the authentication server to prevent off-site password discovery as well as a deception mechanism to alert administrators of such attempts. Our scheme can be easily integrated with legacy systems without the need for any additional servers, changing the structure of the hashed password file or any client modifications. When using the scheme the structure of the hashed passwords file, etc/shadow or etc/master.passwd, will appear no different than in the traditional scheme. However, when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords she will get are the ErsatzPasswords— the “fake passwords”. When an attempt to login using these ErsatzPasswords is detected an alarm is triggered. Even with an adversary who knows about the scheme, cracking cannot be launched without physical access to the authentication server. The scheme also includes a secure backup mechanism in the event of a failure of the hardware dependent function. ErsatzPassword is flexible by design, enabling the proposed scheme to be integrated to existing authentication systems without changes to user experience. The proposed scheme is integrated into the pam_unix module as well as two client/server authentication schemes: LDAP authentication and the Pythia PRF Service [Everspaugh et al. 2015]. The core library to support ErsatzPassword in C and Python required 255 and 103 lines of code, respectively. The integration of ErsatzPassword for each explored authentication systems required less than 100 lines of code. Experimental evaluation of ErsatzPassword shows an increase of authentication latency in the order of 100 ms, which may be acceptable for end user experience. A framework for implementing ErsatzPassword using the Trusted Platform Module (TPM) provides a greater sense of machine-dependent functionality to resist offline attacks.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.